3.2.5.9 Generating a Signature

To generate a signature over an Encoded CPA or EXTENDED_PAYLOAD structure (minus the Signature field), the PNRP node MUST first generate an SHA-1 hash of the structure (minus the Signature field). The PNRP node MUST then generate a signature over the SHA-1 hash by using the RSASSA-PKCS1-V1_5 algorithm as specified in [RFC8017] section 8.2, and fill in the SIGNATURE structure, putting the computed signature in the Signature Data field.